Here ist my configuration:
cf-serverd.cf on the policy server:
body server control {
trustkeysfrom => { "172.24.1.58" };
allowconnects => { "172.24.1.58" };
maxconnections => "10";
logallconnections => "true";
}
bundle server access_rules {
access:
"/srv/cf-serverd"
admit => { "172\.24\..*" };
}
The promises.cf on the policy server:
body common control {
bundlesequence => { hello, test };
}
bundle agent hello {
reports:
linux::
# This is a comment
"Hello, world";
}
bundle agent test {
files:
"/jawoll"
copy_from => mycopy("/jawoll","172.24.1.58");
}
body copy_from mycopy(from,server) {
source => "$(from)";
servers => {"$(server)"};
encrypt => true;
}
I want to transfer the file "/jawoll" from the policy server to the
client. If I start a connection on the policy server with the command:
"cf-serverd -v" and after that the command "cf-agent -bootstrap" on the
client I get this on the policy server:
cf3 New connection...(from ::ffff:172.24.1.58/4)
cf3 Spawning new thread...
cf3 Received: [CAUTH 172.24.1.58 hges2355.sz.salzgitter-ag.de root 0] on
socket 4
cf3 Allowing 172.24.1.58 to connect without (re)checking ID
cf3 Non-verified Host ID is hges2355.sz.salzgitter-ag.de (Using
skipverify)
cf3 Non-verified User ID seems to be root (Using skipverify)
cf3 LastSaw host hges2355.sz.salzgitter-ag.de now
cf3 Received: [SAUTH y 256 37 c] on socket 4
cf3 Loaded /var/cfengine/ppkeys/root-172.24.1.58.pub
cf3 A public key was already known from
hges2355.sz.salzgitter-ag.de/::ffff:172.24.1.58 - no trust required
cf3 Adding IP ::ffff:172.24.1.58 to SkipVerify - no need to check this
if we have a key
cf3 The public key identity was confirmed as
r...@hges2355.sz.salzgitter-ag.de
cf3 Strong authentication of client
hges2355.sz.salzgitter-ag.de/::ffff:172.24.1.58 achieved
cf3 Received: [SSYNCH 48] on socket 4
cf3 cfServerd access list is empty, no files are visible
cf3 Access control in sync
cf3 From
(host=hges2355.sz.salzgitter-ag.de,user=root,ip=::ffff:172.24.1.58)
cf3 ID from connecting host: (SYNCH 1267180028 STAT
/srv/cf-serverd/inputs)
cf3 Received signal 2 (SIGINT) while doing
[lock.independent.server_cfengine..the_server_daemon_214_MD5=5b2c9041696
06aa9b27ec369fd13e016]
cf3 Logical start time Fri Feb 26 11:26:58 2010
cf3 This sub-task started really at Fri Feb 26 11:26:58 2010
cf3 Trying to remove lock - try
lock.independent.server_cfengine..the_server_daemon_214_MD5=5b2c90416960
6aa9b27ec369fd13e016
cf3 Outcome of version (not specified): No checks were scheduled
hgesnm3:/ # vi /var/cfengine/inputs/cf-serverd.cf
hgesnm3:/ # vi /var/cfengine/inputs/promises.cf
hgesnm3:/ # cf-serverd -v
cf3 Cfengine - autonomous configuration engine - commence
self-diagnostic prelude
cf3
------------------------------------------------------------------------
cf3 Work directory is /var/cfengine
cf3 Making sure that locks are private...
cf3 Checking integrity of the state database
cf3 Checking integrity of the module directory
cf3 Checking integrity of the PKI directory
cf3 Looking for a source of entropy in /var/cfengine/randseed
cf3 Loaded /var/cfengine/ppkeys/localhost.priv
cf3 Loaded /var/cfengine/ppkeys/localhost.pub
cf3 Setting cfengine default port to 5308 = 5308
cf3 Reference time set to Fri Feb 26 11:35:50 2010
cf3 Cfengine - 3.0.3 (C) Cfengine AS 2008-
cf3
------------------------------------------------------------------------
cf3 Host name is: hgesnm3
cf3 Operating System Type is linux
cf3 Operating System Release is 2.6.16.60-0.42.5-smp
cf3 Architecture = x86_64
cf3 Using internal soft-class linux for host hgesnm3
cf3 The time is now Fri Feb 26 11:35:50 2010
cf3
------------------------------------------------------------------------
cf3 # Extended system discovery is only available in version Nova and
above
cf3 Additional hard class defined as: 64_bit
cf3 Additional hard class defined as: linux_2_6_16_60_0_42_5_smp
cf3 Additional hard class defined as: linux_x86_64
cf3 Additional hard class defined as: linux_x86_64_2_6_16_60_0_42_5_smp
cf3 GNU autoconf class from compile time: compiled_on_linux_gnu
cf3 Address given by nameserver: 192.168.78.50
cf3 Interface 1: lo
cf3 Interface 2: lo
cf3 Interface 3: eth0
cf3 Trying to locate my IPv6 address
cf3 Found IPv6 address 3ffe:302:11:2:20a:e4ff:fe80:340a
cf3 Found IPv6 address fe80::20a:e4ff:fe80:340a
cf3 Looking for environment from cf-monitor...
cf3 Unable to detect environment from cfMonitord
cf3 This appears to be a SuSE system.
cf3 Looking for SuSE enterprise info in "SUSE Linux Enterprise Server 10
(x86_64)"
cf3 ***********************************************************
cf3 Loading persistent classes
cf3 ***********************************************************
cf3 ***********************************************************
cf3 Loaded persistent memory
cf3 ***********************************************************
cf3 > Parsing file /var/cfengine/inputs/promises.cf
cf3 Initiate variable convergence...
cf3 Initiate variable convergence...
cf3 # Knowledge map reporting feature is only available in version Nova
and above
cf3 -> Defined hard classes = { any verbose_mode Friday Hr11 Morning
Min35 Min35_40 Q3 Hr11_Q3 Day26 February Yr2010 Lcycle_0 GMT_Hr10 linux
hgesnm3_sz_salzgitter_ag_de sz_salzgitter_ag_de salzgitter_ag_de de
hgesnm3 64_bit linux_2_6_16_60_0_42_5_smp x86_64 linux_x86_64
linux_x86_64_2_6_16_60_0_42_5_smp
linux_x86_64_2_6_16_60_0_42_5_smp__1_SMP_Mon_Aug_24_09_41_41_UTC_2009
compiled_on_linux_gnu net_iface_lo net_iface_eth0 192_168_78_50
ipv4_192_168_78_50 ipv4_192_168_78 ipv4_192_168 ipv4_192
3ffe_302_11_2_20a_e4ff_fe80_340a fe80__20a_e4ff_fe80_340a cfengine_3_0_3
cfengine_3_0 cfengine_3 SuSE SLES10 server }
cf3 -> Negated Classes = { }
cf3 Initiate variable convergence...
cf3 Initiate control variable convergence...
cf3 Listening for connections ...
cf3 New connection...(from ::ffff:172.24.1.58/4)
cf3 Spawning new thread...
cf3 Received: [CAUTH 172.24.1.58 hges2355.sz.salzgitter-ag.de root 0] on
socket 4
cf3 Allowing 172.24.1.58 to connect without (re)checking ID
cf3 Non-verified Host ID is hges2355.sz.salzgitter-ag.de (Using
skipverify)
cf3 Non-verified User ID seems to be root (Using skipverify)
cf3 LastSaw host hges2355.sz.salzgitter-ag.de now
cf3 Received: [SAUTH y 256 37 c] on socket 4
cf3 Loaded /var/cfengine/ppkeys/root-172.24.1.58.pub
cf3 A public key was already known from
hges2355.sz.salzgitter-ag.de/::ffff:172.24.1.58 - no trust required
cf3 Adding IP ::ffff:172.24.1.58 to SkipVerify - no need to check this
if we have a key
cf3 The public key identity was confirmed as
r...@hges2355.sz.salzgitter-ag.de
cf3 Strong authentication of client
hges2355.sz.salzgitter-ag.de/::ffff:172.24.1.58 achieved
cf3 Received: [SSYNCH 48] on socket 4
cf3 cfServerd access list is empty, no files are visible
cf3 Access control in sync
cf3 From
(host=hges2355.sz.salzgitter-ag.de,user=root,ip=::ffff:172.24.1.58)
cf3 ID from connecting host: (SYNCH 1267180561 STAT
/srv/cf-serverd/inputs)
Where is the problem because the file "jawoll" is not on the client
after that.
--
Christian Seifert
_______________________________________________
Help-cfengine mailing list
Help-cfengine@cfengine.org
https://cfengine.org/mailman/listinfo/help-cfengine
